<?php
$xtpl_main -> assign("page_title", "Login");
//--
if (isset($_POST['frmAct']) && $_POST['frmAct'] == 'doLogin') {
	$result = mysql_query("SELECT member_id, member_username, member_is_admin, member_status FROM member WHERE member_username = '" . addslashes($_POST['username']) . "' AND member_password = '" . md5($_POST['password']) . "'");
	if (mysql_num_rows($result) > 0) {
		$row = mysql_fetch_array($result);
		if ($row['member_status'] == '0') {$xtpl -> parse('center.blockInActive');
		} else {
			$_SESSION['member_id'] = $row['member_id'];
			$_SESSION['member_username'] = $row['member_username'];
			if ($row['member_is_admin'] == '1') {
				$_SESSION['member_is_admin'] = '1';
			}
			header('location: index.php?mod=member&act=controlpanel');

		}
	} else {
		//-- tk ko ton tai
		$xtpl -> parse('center.blockFalse');
	}

}
?>